Allow more elements with CSP (#1057)

Ultimately, we should get rid of inline style
For image in data: scheme, I think it's OK for now
Fixes #1055
Glandos 2022-08-28 11:49:29 +02:00 committed by GitHub
parent 08defaea8f
commit 8695b899db
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -144,6 +144,8 @@ def create_app(
# We have several inline javascript scripts :(
"script-src": ["'self'", "'unsafe-inline'"],
"object-src": "'none'",
"img-src": ["'self'", "data:"],
"style-src": ["'self'", "'unsafe-inline'"],
}
Talisman(
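Review bot: the new `"style-src": ["'self'", "'unsafe-inline'"]` entry has no comment explaining why `'unsafe-inline'` is needed, while the `script-src` entry just above it does ("We have several inline javascript scripts"). The commit message says inline style should ultimately be removed, so that intent belongs next to the directive, for example as a TODO comment, so the relaxation is tracked in the code and not only in the commit log. The same goes for `data:` in `img-src`: a short comment naming which images rely on the `data:` scheme would make it easier to tighten the policy later. Once the inline styles are few, per-response nonces or hashes in `style-src` would let `'unsafe-inline'` be dropped for styles without waiting for the script cleanup.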